Just to say first that I am amazed at your expertise level!
I have a really tricky question:
If I have an internal domain name, let's say name1.name2.name3.net,
but the external publicly routable domain name is name3.net,
can the federation service name be different from the domain name?
i.e. can it be adfs.name3.net instead of adfs.name1.name2.name3.net?
And can the public certificate contain these values: